1.1

Question 1

Phishing

Answer 1

Phishing attacks are fraudulent emails, text messages, phone calls or web sites designed to trick users into downloading malware, sharing sensitive information or personal data

Question 2

Smishing

Answer 2

Smishing is a type of phishing attack that involves the use of text messages (SMS or MMS) to deceive individuals into providing sensitive information or taking certain actions. The term “smishing” is a combination of “SMS” (Short Message Service) and “phishing.”

Question 3

Vishing

Answer 3

Vishing, short for “voice phishing,” is a type of social engineering attack in which an attacker uses phone calls to trick individuals into providing sensitive information or taking certain actions. Vishing is similar to phishing but involves voice communication instead of electronic messages.

Question 4

Spam

Answer 4

Spam refers to unwanted or unsolicited messages, commonly seen in the form of mass-distributed emails, online forum posts, or instant messages. Whether for advertising, phishing, or other malicious purposes, spam is characterized by its unsolicited nature and the intent to reach a broad audience.

Question 5

SPIM

Answer 5

“Spim” is a term used to describe unsolicited instant messages, similar to email spam but occurring in the context of instant messaging (IM) platforms. Just as email spam involves the mass distribution of unwanted emails, spim involves the sending of unwanted messages through instant messaging systems.

Question 6

Spear Phishing

Answer 6

“Spear phishing” is a type of phishing campaign that targets a specific person or group and often will include information known to be of interest to the target, such as current events or financial documents.

Question 7

Dumpster Diving

Answer 7

Dumpster diving is a cyberattack where the attacker gets their hands on sensitive documents or data you carelessly threw into the trash bin. Yes, it sounds funny, but the potential damage is real.

Question 8

Shoulder Surfing

Answer 8

Shoulder surfing is a type of security threat in which an unauthorized person observes or spies on the activities of individuals, such as entering passwords, PINs, or other confidential information, by looking over their shoulders or from a distance.

Question 9

Pharming

Answer 9

Pharming is a cyber attack that involves the redirection of website traffic to fraudulent websites without the user’s knowledge. In a pharming attack, the attacker typically exploits vulnerabilities in the Domain Name System (DNS) or uses other methods to manipulate the resolution of domain names.

Question 10

Tailgating

Answer 10

Tailgating attacks are where an attacker follows an unaware user to gain access to an area without authorization.

Question 11

Eliciting Information

Answer 11

Eliciting information refers to the process of extracting sensitive or confidential data from individuals through various means, often with the goal of exploiting that information for malicious purposes. This can involve social engineering techniques.

Question 12

Whaling

Answer 12

“Whaling” is a type of cyber attack that specifically targets high-profile individuals within an organization, such as executives, top-level management, or individuals with access to sensitive information.

Question 13

Prepending

Answer 13

“Prepending” in the context of cybersecurity typically refers to a technique where additional characters or data are added to the beginning of a string or file. In the broader sense of “cyber,” “prepending” could be used in various cybersecurity concepts

Question 14

Identity Fraud

Answer 14

Identity fraud is a type of crime where an individual’s personal information is stolen and used for fraudulent purposes. This stolen information may include the person’s name, Social Security number, credit card details, or other sensitive data.

Question 15

Invoice Scam

Answer 15

An invoice scam is a type of fraud where scammers send fake invoices or bills to individuals or businesses with the intention of deceiving them into making payments for goods or services that were never received or were never legitimately contracted.

Question 16

Credential Harvesting

Answer 16

Credential harvesting, also known as credential harvesting attacks or password harvesting, is a type of cyber attack where malicious actors attempt to gather sensitive login credentials, such as usernames and passwords, from individuals. Typically carried out through phishing, malicious websites, email scams, or malware but not always.

Question 17

Reconnaissance

Answer 17

Attackers gather information about a target system, network, or organization to identify vulnerabilities and plan their attack. Cyber reconnaissance is a crucial step for attackers as it helps them understand the target environment and increases the chances of a successful cyber attack.

Question 18

Hoax

Answer 18

Cyber hoaxes can take various forms and may involve the spread of false information through emails, social media, websites, or other online platforms. These hoaxes can range from harmless pranks to more malicious attempts to deceive or manipulate people.

Question 19

Impersonation

Answer 19

Impersonation in the context of cybersecurity refers to the act of pretending to be someone else, often with the intent to deceive, manipulate, or gain unauthorized access to sensitive information.

Question 20

Watering Hole Attack

Answer 20

A watering hole attack is a type of cyber attack in which attackers compromise a website that is frequently visited by the target individuals or groups. The goal is to infect the websites frequented by the target audience with malware, exploiting the trust users place in those sites.

Question 21

Typosquatting

Answer 21

Typosquatting, also known as URL hijacking or fake URL attacks, is a deceptive practice where attackers register domain names that closely resemble legitimate, well-known websites. The intent is to capitalize on users making typographical errors when entering a website’s URL into their browser. These malicious domain names may have slight misspellings, extra characters, or variations that can easily go unnoticed by users at first glance.

Question 22

Pretexting

Answer 22

Pretexting is a social engineering technique used in cyber attacks where an attacker creates a fabricated scenario or pretext to manipulate individuals into divulging sensitive information or performing certain actions.

Question 23

Influence Campaigns

Answer 23

Influence campaigns in the context of cybersecurity refer to orchestrated efforts, often with a political or ideological motive, to manipulate public opinion, sow discord, or achieve specific outcomes by leveraging online platforms and social media.

Question 24

Hybrid Warfare

Answer 24

Hybrid warfare, a blend of conventional and unconventional tactics like cyberattacks, disinformation, and economic pressure, poses a complex threat.

Question 25

Social Media

Answer 25

Social media influence campaigns refer to coordinated efforts by individuals, organizations, or state actors to shape public opinion, manipulate perceptions, or achieve specific goals through the strategic use of social media platforms.

Question 26

Principles (Reasons for Effectiveness) :

Answer 26

Authority:
Pretending to be a figure of authority, such as a manager, IT personnel, or a trusted service provider, to gain trust and compliance from the target.

Intimidation:
Using threats, coercion, or fear tactics to manipulate individuals into divulging information or performing actions they wouldn’t under normal circumstances.

Consensus:
Leveraging the desire to conform by presenting fake evidence of others (fabricated consensus) complying with a request, making the target more likely to comply as well.

Scarcity:
Creating a sense of urgency or scarcity, such as claiming limited availability or an impending threat, to prompt the target to act hastily without proper verification.

Trust:
Establishing trust by impersonating a trusted entity, using familiarity, or exploiting pre-existing relationships to manipulate individuals into providing sensitive information.

Urgency:
Creating a false sense of urgency to pressure individuals into making quick decisions without proper verification, leading to actions that benefit the social engineer.